python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2024-11-10 19:56:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Catch PCX P mode buffer overrun

Browse Source
This commit is contained in:
Andrew Murray 2019-12-21 18:38:22 +11:00
parent c40bc25847
commit 8f0c8f7311
3 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Tests/images/pcx_overrun2.bin Normal file
View File

Binary file not shown.

7
Tests/test_image.py
View File

@ -590,7 +590,12 @@ class TestImage(PillowTestCase):
self.assertFalse(fp.closed)
def test_overrun(self):
for file in ["fli_overrun.bin", "sgi_overrun.bin", "pcx_overrun.bin"]:
for file in [
"fli_overrun.bin",
"sgi_overrun.bin",
"pcx_overrun.bin",
"pcx_overrun2.bin",
]:
with Image.open(os.path.join("Tests/images", file)) as im:
try:
im.load()

3
src/libImaging/PcxDecode.c
View File

@ -25,6 +25,9 @@ ImagingPcxDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
if (strcmp(im->mode, "1") == 0 && state->xsize > state->bytes * 8) {
state->errcode = IMAGING_CODEC_OVERRUN;
return -1;
} else if (strcmp(im->mode, "P") == 0 && state->xsize > state->bytes) {
state->errcode = IMAGING_CODEC_OVERRUN;
return -1;
}
ptr = buf;